CWE-790: Improper Filtering of Special Elements

The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

Common Consequences

Scope

Effect

Integrity

Technical Impact: Unexpected state

Demonstrative Examples

Example 1

The following code takes untrusted input and uses a regular
expression to filter "../" from the input. It then appends this result to
the /home/user/ directory and attempts to read the file in the final
resulting path.

(Bad Code)

Example
Language: Perl

my $Username = GetUntrustedInput();

$Username =~ s/\.\.\///;

my $filename = "/home/user/" . $Username;

ReadAndSendFile($filename);

Since the regular expression does not have the /g global match
modifier, it only removes the first instance of "../" it comes across.
So an input value such as:

(Attack)

../../../etc/passwd

will have the first "../" stripped, resulting in:

(Result)

../../etc/passwd

This value is then concatenated with the /home/user/ directory:

(Result)

/home/user/../../etc/passwd

which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23).